Embed Size (px)
Citation preview
Update in NERC CIP Activities
June 5, 2014
2
• Update on CIP-014-1 • Update on Revisions to CIP Version 5
– BES Cyber Asset Survey
– Implementation Plan
• Questions
Agenda
• FERC Directive March 7• Approved by Industry Final Ballot May 5• Adopted by NERC Board of Trustees May 13• NERC staff is preparing the FERC filing
Key Dates: Project 2014-04 Physical Security (CIP-014-1)
• Standard Effective First day of the first calendar quarter that is six months beyond 3
months following govt. approval Initial Performance of Periodic Requirements
CIP-014-1 Implementation Plan
Requirement R1 Must be completed on or before the effective date of the standard.
Requirement R2 shall be completed as follows: Parts 2.1 Shall be completed within 90 calendar days of the effective
date of the proposed Reliability Standard. Parts 2.2 Shall be completed within 90 calendar days of the effective
date of the proposed Reliability Standard. Part 2.3 Shall be completed within 60 calendar days of the
completion of performance under Requirement R2 part 2.2.
Parts 2.4 Shall be completed within 90 calendar days of the effective date of the proposed Reliability Standard.
CIP-014-1 Implementation Plan
Requirement R3 Shall be completed within 7 calendar days of completion of performance under Requirement R2.
Requirement R4 Shall be completed within 120 calendar days of completion of performance under Requirement R2.
Requirement R5 Shall be completed within 120 calendar days of completion of performance under Requirement R2.
Requirement R6 shall be completed as follows:Part 6.1 Shall be completed within 90 calendar days of completion
of performance under Requirement R5.Part 6.2 Shall be completed within 90 calendar days of completion
of performance under Requirement R5.Part 6.3 Shall be completed within 60 calendar days of
Requirement R6 part 6.2.Part 6.4 Shall be completed within 90 calendar days of completion
of performance under Requirement R5.
• CIP Standards Revisions Ballot Pool Open June 2 – July 2 45-day comment period June 2 – July 16 Ballot July 7 – July 16 Non-Binding Poll (VRF/VSL) July 7 – July 16 RSAWs June 17 Industry Webinar June 19 SDT meeting, St. Paul, MN Week of July 28 SDT meeting, San Francisco, CA Week of August
19
• BES Cyber Asset Survey Comments May 30 – July 14
• NERC RAI Webinar June 19
Key DatesCIP-002 to CIP-011 Revisions
• To gain understanding of the term “BES Cyber Asset” NERC to conduct a survey of responsible entities during the
implementation period for CIP Version 5 Determine the types of Cyber Assets that are included in the definition
of BES Cyber Asset due to the 15-minute parameter Determine the types of Cyber Assets that are excluded from the
definition of BES Cyber Asset due to the 15-minute parameter
BES Cyber Asset Survey
• Based on the survey data, NERC is required to explain to FERC: 1) Specific ways in which entities determine which Cyber Assets meet the
15-minute parameter; 2) Types or functions of Cyber Assets that are excluded from being
designated as BES Cyber Assets and the rationale as to why; 3) Common problem areas with entities improperly designating BES
Cyber Assets; and 4) Feedback from each region participating in the implementation study
on lessons learned with the application of the BES Cyber Asset definition.
BES Cyber Asset Survey
• Builds from April 1, 2016 effective date of V5• While the standard has an effective date, a compliance date
may differ for Requirements• Do not expect IAC language from V5 to go into effect• The following from V5 implementation remains the same:
Initial performance of certain periodic requirements Previous identity verification Planned or unplanned changes resulting in a higher categorization
CIP-002 to CIP-011 Revision Implementation Plan
• For those requirements and parts not listed below, compliance date would be effective date of standard, which is proposed to be later of April 1, 2016 or 3 months following govt. approval.
CIP-002 to CIP-011 Implementation Plan
Standard Requirement Proposed Implementation Periods
CIP-003-6 R2 (Low Impact) Later of April 1, 2017 or 9 months following govt. approval
CIP-006-6 R1 (Comm. Networks) Part 1.10 – Effective date plus 9 months
CIP-007-6 R1 (Comm. Networks) Part 1.2 – Applicable non-programmable electronic equipment associated with new BES Cyber Systems - Effective date plus 6 months
CIP-010-2 R4 (transient devices) Effective date plus 9 months
11
• Project 2014-02 CIP Standards Version 5 Revisions http://www.nerc.com/pa/Stand/Pages/Project-2014-XX-Critical-
Infrastructure-Protection-Version-5-Revisions.aspx
• BES Cyber Asset Survey http://www.nerc.com/pa/Stand/Pages/Project-2014-XX-Critical-
Infrastructure-Protection-Version-5-Revisions.aspx
• Project 2014-04 Physical Security http://www.nerc.com/pa/Stand/Pages/Project-2014-04-Physical-
Security.aspx
References
